
Indian Cyber-Espionage Effort Targets Election, Energy Officials


  • Hackers sought data from Pakistani military, nuclear regulator
  • Group’s campaign started in 2017, research report finds

A hacking group with ties to the Indian military adopted a pair of mobile surveillance tools to spy on geopolitical targets in Pakistan and Kashmir amid persistent regional tensions between the nuclear-armed neighbors, according to a report from cybersecurity company Lookout Inc.

The group is known for commandeering legitimate web services in South Asia and embedding surveillance tools or malware inside these apps and services to conduct espionage. Since 2017, and as recently as December, the hackers have relied on spyware to target Pakistani military officials, the country’s top nuclear regulator and Indian election officials in the disputed state of Kashmir, according to the report released Thursday from San Francisco-based Lookout.

The campaign appears to be just the latest example of hackers targeting sensitive security targets with social engineering tactics -- luring victims to download malicious files disguised as benign applications. What’s unique about attacks by the group, dubbed Confucius, is the extent to which its operators go to veil their efforts, experts say.

Using knock-off web applications disguised as Google security tools and popular regional chat and dating applications, Confucius managed to access 156 victims’ devices in a trove of data recently discovered by Lookout’s research team. The files and related logs were found by Lookout researchers in unsecured servers used by the attack group, according to the report. Most of the users who recently accessed those servers were based in Northern India.

Once the attackers penetrate a device, they scrape it for data, including call logs, contacts, geolocation, images and voice notes. In some cases, the hackers took screenshots of the devices and recorded phone calls. In at least one instance, intruders got inside the device of a Pakistani Air Force service member and viewed a contact list filled with other Air Force officials, said Apurva Kumar, Lookout’s staff security intelligence engineer.

“While their technical tools and malwares might not be that advanced, the Confucius threat actor invests human time to gain trust from their targets,” said Daniel Lunghi, threat researcher at the cybersecurity firm Trend Micro Inc. “And in certain sensitive fields where people are more cautious, it might be what makes the difference.”

In two cases, researchers discovered that hackers stole the contents of WhatsApp chat conversations from 2017 and 2018 between officials at the Pakistan Nuclear Regulatory Authority, Pakistan Atomic Energy Commission and unknown third parties. Then in April 2019, in the midst of India’s latest national election, the attackers burrowed into the device of an election official in the Pulwama region of Kashmir, where months earlier an Indian security convoy was attacked by a Pakistan-based Islamic terrorist in a deadly explosion.

Kumar, of Lookout, said she couldn’t disclose the details of the stolen data.

Her research indicates the espionage campaign ramped up in 2018 after unknown hackers breached the commercial surveillance-ware provider Retina-X Studios. Hornbill, one of the malware tools used by the attackers, shares code similarities with Retina-X’s Mobile Spy products. Another piece of malicious software called Sunbird, which is capable of remotely commandeering a user’s device, appears to be rooted in code for a stalkerware service called BuzzOutLoud, based in India.


https://www.bloomberg.com/news/articles/2021-02-11/indian-cyber-espionage-effort-targets-election-energy-officials

